Topic 6: Exam Pool (Jul-Aug)
Which of the following is MOST important for an IS auditor to consider when auditing a vulnerability
scanning software solution?
A. The scanning software was purchased from an approved vendor
B. The scanning software was approved for release into production.
C. The scanning software covers critical systems.
D. The scanning software is cost-effective.
The scanning software covers critical systems.
Electrical surge protectors BEST protect from the impact of:
A. electromagnetic interference
B. power outages
C. sags and spikes
D. reduced voltage
sags and spikes
Which of the following IS functions can be performed by the same group or individual while still providing
the proper segregation of duties?
A. Application programming and systems analysis
B. Computer operations and application programming
C. Security administration and application programming
D. Database administration and computer operations
Computer operations and application programming
Which of the following is the GREATEST advantage of using a framework to guide an organization’s
governance of IT?
A. It enables consistency when making strategic IT investments across the organization.
B. It enables better management of the annual IT budget provided by the board of directors.
C. It enables improvements to the security of high-risk systems in the organization.
D. It enables the achievement of service levels between IT and true business departments.
It enables consistency when making strategic IT investments across the organization.
What should be the PRIMARY basis for scheduling a follow-up audit?
A. The significance of reported findings
B. The completion of all corrective actions
C. The availability of audit resources
D. The time elapsed after audit report submission
The significance of reported findings
Which of the following is the MOST important consideration when developing an online business architecture
and recovery strategy?
A. Single points of failure
B. Vendors network security
C. Immediate problem resolution
D. Vendors financial stability
Single points of failure
The PRIMARY objective of parallel testing an application is to confirm that:
A. the costs of running the new system are the same as running the old system.
B. new system processing times are similar to those of the old system.
C. system response times in the new system are better than the old system.
D. the results of calculations in the new system are as accurate as the old system.
the results of calculations in the new system are as accurate as the old system.
The MAIN objective of incident management is to:
A. test for readiness to respond when facing an incident.
B. permit the incident to go on and follow the trail back to the beginning.
C. have an external computer security incident response team assess damage.
D. keep the business going while the response is occurring.
keep the business going while the response is occurring.
Which of the following would be the GREATEST concern when an organization’s disaster recovery strategy
utilizes a cold site?
A. The lack of hardware components availability
B. The lack of electrical power connections
C. The lack of appropriate environmental controls
D. The lack of networking infrastructure
The lack of electrical power connections
An IS auditor discovers instances where software with the same license key is deployed to multiple
workstations, in breach of the licensing agreement. Which of the following is the auditor's BEST
recommendation?
A. Evaluate the business case for funding of additional licenses.
B. Require business owner approval before granting software access
C. Remove embedded keys from offending packages.
D. Implement software licensing monitoring to manage duplications.
Implement software licensing monitoring to manage duplications.
An organization has performance metrics to track how well IT resources are being used, but there has been
little progress on meeting the organization's goals. Which of the following would be MOST helpful to
determine the underlying reason?
A. Conducting a root cause analysis
B. Re-evaluating organizational goals
C. Re-evaluating key performance indicators (KPIs)
D. Conducting a business impact analysis (BIA)
Re-evaluating key performance indicators (KPIs)
An organization is designing an application programming interface (API) for business-to-business data sharing
with a vendor. Which of the following is the BEST way to reduce the potential risk of data leakage?
A. Implement a policy to require data transfer over hypertext transfer protocol (HTTP)
B. Implement the API on a secure server and encrypt traffic between both organizations
C. Restrict the allowable number of API calls within a specified period
D. Conduct an independent review of the application architecture and service level agreements (SLAs)
Implement the API on a secure server and encrypt traffic between both organizations